Cisco Internet Operating System SNMP消息处理远程拒绝服务漏洞
涉及程序:
Cisco Internet Operating System SNMP
描述:
Cisco Internet Operating System SNMP消息处理远程拒绝服务漏洞
详细:
Cisco IOS是部署非常广泛的网络操作系统。很多Cisco设备都运行IOS。Cisco IOS在处理远程SNMP消息时存在设计问题,远程攻击者利用这个漏洞发送畸形SNMP消息引起内存破坏而导致拒绝服务。
SNMP是用于监视和管理网络设备的协议,其中消息使用UDP来对SNMP代理和管理器之间进行通信。Cisco IOS SNMP服务在处理特殊SNMP消息时不正确,可引起设备重载。
一般SNMP操作使用161/udp和162/udp端口,另外除了这些知名端口,Cisco IOS使用随机选择的范围在49152及59152/udp之间的UDP端口监听其他类型的SNMP消息。特殊构建的畸形SNMPv1和SNMPv2可触发此漏洞,而且更危险的是任何SNMPv3"恳谈"操作发感到此类端口可引起内存破坏而使设备重载,造成拒绝服务。
受影响系统:
Cisco IOS 12.3 (6)
Cisco IOS 12.3 (5b)
Cisco IOS 12.3 (5a)b
Cisco IOS 12.3 (5a)
Cisco IOS 12.3 (5)
Cisco IOS 12.3 (4)XD1
Cisco IOS 12.3 (4)XD
Cisco IOS 12.3 (4)T3
Cisco IOS 12.3 (4)T2
Cisco IOS 12.3 (4)T1
Cisco IOS 12.3 (4)T
Cisco IOS 12.3 (2)XC2
Cisco IOS 12.3 (2)XC1
Cisco IOS 12.3 (2)T3
Cisco IOS 12.2 (23)
Cisco IOS 12.2 (21a)
Cisco IOS 12.2 (21)
Cisco IOS 12.2 (20)S1
Cisco IOS 12.2 (20)S
Cisco IOS 12.2 (12h)
Cisco IOS 12.2 (12g)
Cisco IOS 12.1(20)EO
Cisco IOS 12.1 (20)EW1
Cisco IOS 12.1 (20)EW
Cisco IOS 12.1 (20)EC1
Cisco IOS 12.1 (20)EC
Cisco IOS 12.1 (20)EA1
Cisco IOS 12.1 (20)E2
Cisco IOS 12.1 (20)E1
Cisco IOS 12.1 (20)E
Cisco IOS 12.0 (27)SV1
Cisco IOS 12.0 (27)SV
Cisco IOS 12.0 (27)S
Cisco IOS 12.0 (26)S1
Cisco IOS 12.0 (24)S5
Cisco IOS 12.0 (24)S4
Cisco IOS 12.0 (23)S5
Cisco IOS 12.0 (23)S4
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (2)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.1
Cisco ONS 15454 Optical Transport Platform 4.0 (2)
Cisco ONS 15454 Optical Transport Platform 4.0 (1)
Cisco ONS 15454 Optical Transport Platform 4.0
Cisco ONS 15454 Optical Transport Platform 3.4
Cisco ONS 15454 Optical Transport Platform 3.3
Cisco ONS 15454 Optical Transport Platform 3.2.0
Cisco ONS 15454 Optical Transport Platform 3.1.0
Cisco ONS 15454 Optical Transport Platform 3.0
不受影响系统:
Cisco IOS 12.3 (9)
Cisco IOS 12.3 (7.7)
Cisco IOS 12.3 (7)T
Cisco IOS 12.3 (6a)
Cisco IOS 12.3 (5c)
Cisco IOS 12.3 (5)B1
Cisco IOS 12.3 (4)XQ
Cisco IOS 12.3 (4)XK
Cisco IOS 12.3 (4)XH
Cisco IOS 12.3 (4)XG1
Cisco IOS 12.3 (4)XD2
Cisco IOS 12.3 (4)T4
Cisco IOS 12.3 (4)EO1
Cisco IOS 12.3 (2)XC3
Cisco IOS 12.2 (24)
Cisco IOS 12.2 (23a)
Cisco IOS 12.2 (23.6)
Cisco IOS 12.2 (22)S
Cisco IOS 12.2 (21b)
Cisco IOS 12.2 (20)S2
Cisco IOS 12.2 (12i)
Cisco IOS 12.1 (22)E1
Cisco IOS 12.1 (20)EW2
Cisco IOS 12.1 (20)EC2
Cisco IOS 12.1 (20)EA1a
Cisco IOS 12.1 (20)E3
Cisco IOS 12.0 (27)SV2
Cisco IOS 12.0 (27)S1
Cisco IOS 12.0 (26)S2
Cisco IOS 12.0 (24)S6
Cisco IOS 12.0 (23)S6
攻击方法:
暂无有效攻击代码
解决方案:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 关闭设备上的SNMP服务。
* 对这些端口进行访问控制。
Cisco已经为此发布了一个安全公告(cisco-sa-20040420-snmp)以及相应补丁:
cisco-sa-20040420-snmp:Vulnerabilities in SNMP Message Processing
链接:http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
附加信息:
无
推荐
评论(0条)
